Splunk Admin/developer Resume
Atlanta, GA
SUMMARY:
- Over 7+ years of experience architecting and deploying the various Splunk components (indexer, forwarder, search head, deployment server) and security solutions, delivering innovative fixes, workarounds and automation.
- Creating accurate reports, dashboards, visualizations and pivot tables for business users.
- Designed, supported and maintained Splunk cluster infrastructure in a highly available, geo-redundant configuration.
- Experienced in designing and implementing architectures with indexer clustering to maintain data availability and disaster recovery.
- Experience in maintaining Splunk native role and user creation.
- Configured clusters, server groups and cloning for improved availability and failover capacity.
- Experience in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Field extraction using IFX, the rex command and regular expressions in configuration files.
- Streamlined Splunk to build, configure and maintain heterogeneous environments; in-depth knowledge of analyzing logs generated by various systems, including security products (SIEM functionality).
- Experienced in customizing Splunk for monitoring, application management and security as per customer requirements and industry best practice.
- Knowledge of various chart types, alert settings, app creation and user/role access permissions: creating and managing apps, creating users and roles, and assigning permissions to knowledge objects.
- Developed reports, dashboards, alerting, roles, user provisioning and clustering using Splunk.
- Involved in various phases of the Software Development Life Cycle (SDLC), including analysis, design, testing, implementation and maintenance.
- Create Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards.
- Developed Splunk objects and reports on security baseline violations, non-authenticated connections, brute-force attacks and many other use cases.
- Splunk administration and analytics development for information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage and incident analysis.
- Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
- Technical writing and creation of formal documentation such as reports, training material and architecture diagrams.
- Experience in dashboard and report performance optimization. Working knowledge of scripting languages (e.g. Python, bash). Excellent knowledge of TCP/IP networking and inter-networking technologies (routing/switching, proxy, firewall, load balancing, etc.).
- Team leading; deeper analysis of data using event correlation across indexes and various source types to generate custom reports for senior management.
- Managing indexes and cluster indexes, the Splunk web framework, data models and pivot tables.
- Working on Splunk ITSI glass tables, deep dives and ITSI modules.
- Configured services, entities and correlation searches with corresponding KPI metrics in the Splunk ITSI application.
- Hands-on development experience in customizing Splunk dashboards, visualizations, configurations, reports and search capabilities using customized Splunk queries.
- Designing and maintaining production-quality Splunk dashboards. Good experience in Splunk and shell scripting to automate and monitor routine environment tasks.
TECHNICAL SKILLS:
Log Analysis Tool: Splunk Enterprise Server 5.x/6.x/7.x, Splunk Universal Forwarder 5.x/6.x, Splunk DB Connect
Web/App Servers: WebSphere Application Server 5.0/6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x
Operating Systems: IBM AIX (5.1/6.1), RHL Linux, Windows Server 2003/2008 R2, VMware
Programming: Java, J2EE, C++, C, SQL/PL SQL, HTML, DHTML, XML.
Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch
Databases: Oracle (8i/9i), UDB/DB2, Sybase, MS SQL Server, IBM DB2
Monitoring tools: Wily Introscope 8.x/9.x, Tivoli, BSM Topaz, Tivoli Performance Viewer, IBM Thread and Heap Analyzers
Networking: TCP/IP Protocols, Socket Programming, DNS.
PROFESSIONAL EXPERIENCE:
Splunk Admin/Developer
Confidential - Atlanta, GA
Responsibilities:
- Create dashboards, reports and alerts for events and configure alert mail. Hands-on development experience in customizing Splunk dashboards, visualizations, configurations, reports and search capabilities using customized Splunk queries.
- Gather various sources of syslog and XML data from devices, applications and databases.
- Perform daily health checks and maintain the integrity of the production environment by proactively resolving service-impacting incidents.
- Set up Splunk forwarders for new application tiers introduced into the environment and for existing applications.
- Work closely with application teams to create new Splunk dashboards for operations teams.
- Identify patterns and trends that are indicators of routine problems.
- Troubleshoot and resolve Splunk performance and log monitoring issues, role mapping, dashboard creation, etc.
- Optimized Splunk for peak performance by splitting Splunk indexing and search activities across different machines.
- Using Search Processing Language (SPL), created visualizations to get value out of data.
- Managed indexer clusters, including security, hot and cold bucket management and retention policies.
- Created eval functions where necessary to create new fields at search run time.
- Used IFX, the rex command and regular expressions for field extraction.
- Configured Splunk searching and reporting modules, knowledge objects, administration, regex, dashboards, clustering and forwarder management.
Splunk Engineer
Confidential - Buffalo, IL
Responsibilities:
- Developed Splunk infrastructure on the cloud (Amazon AWS) in coordination with the infrastructure support team.
- Install and maintain Splunk add-ons, including DB Connect 1 and Active Directory LDAP, for working with the directory and SQL databases.
- Developing, designing and managing apps; creating users, roles and permissions to knowledge objects.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Wrote regular expressions to extract meaningful fields.
- Played a major role in understanding logs and server data and bringing insight from the data to users.
- Expert in creating Splunk knowledge objects. Hands-on experience installing the Splunk TA for Symantec DLP, Splunk DB Connect, the Splunk App for AWS and more.
- Worked on security solutions (SIEM) that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights for faster, smarter security decisions.
- Experience providing monitoring and response to security events in a Security Operations Center (SOC) team.
- Knowledge of Splunk architecture and its various components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model.
- Experience configuring deployment servers, indexers and search heads, including serverclass.conf, server.conf, apps.conf, props.conf, transforms.conf and forwarder management configurations.
- Launch Splunk searches using auto-populated queries from the AppDynamics Console based on criteria such as time ranges.
- Monitored and created all forwarders in a centralized deployment server. Configured and developed complex dashboards and reports in Splunk.
- Performed Splunk migration tasks from Splunk 6.x to Splunk 7.x, upgrades, etc.
- Experience with Active Directory and the Single Sign-On (SSO) option.
- Pulled data from AppDynamics using the Controller REST API and pushed it into Splunk.
Splunk Admin/Developer
Confidential - Tampa, FL
Responsibilities:
- Created historical and real-time dashboards, reports, scheduled searches and alerts.
- Deployed and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
- Installation, configuration, migration, troubleshooting and maintenance of Splunk; passionate about machine data and operational intelligence.
- Worked on integrating Splunk with Windows Active Directory and LDAP.
- Worked on installing and using Splunk apps for UNIX and Linux (Splunk UNIX).
- Analyzed security-based events, risks and reporting instances. Correlated events from network, OS, anti-virus, IDS/IPS, firewall and proxy sources and analyzed them for possible threats.
- Understand and interpret customer requirements for a Splunk implementation as an enterprise solution.
- Provide deployment strategies with an understanding of affordable risk based on customer acceptance.
- Apply, as appropriate, activity and data modeling, transaction flow analysis, internal control and risk analysis, and modern business methods and performance measurement techniques.
- Created and configured management reports and dashboards. Planned, implemented and managed Splunk for log management and analytics.
- Monitor security violations, flag potential violations and log security incidents in ServiceNow.
- Validate existing rules and provide recommendations on fine-tuning them. Create and send risk advisories to our clients.
- Handled false-positive alerts; produced weekly/monthly incident analysis reports.
- Analyzed events and provided solutions for incidents.
- Involved in setting up alerts for different types of errors, data enrichment using lookups, data interpretation using fields and field extraction, and data normalization using tags.
- Maintained a Splunk environment with multiple indexers; managed and configured settings.
- Improved search performance by configuring search heads for all indexes in production.
- Developed Splunk queries and dashboards for Confidential targeted at understanding application performance and capacity analysis.
Splunk Engineer
Confidential - Atlanta, GA
Responsibilities:
- Created dashboards, reports, scheduled searches and alerts.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Created a DevOps dashboard that aggregates data across multiple services to identify critical threats and proactively mitigate risks.
- Knowledge of Splunk architecture and its various components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model.
- Prepared, arranged and tested Splunk search strings and operational strings.
- Analyzed security-based events, risks and reporting instances.
- Provide regular support and guidance to Splunk project teams on complex solutions and issue resolution, with the objective of ensuring best fit and high quality.
- Design platforms for large-scale performance while maintaining the security of sensitive data.
- Used techniques to optimize searches for better performance and applied search-time vs. index-time field extraction as appropriate.
- Anonymized PII (Personally Identifiable Information) data in Splunk; masked sensitive information such as Social Security numbers and email addresses when showing results in Splunk.
- Strong understanding of report and dashboard configuration and development.
- Experience with search-time vs. index-time field extraction.
- Good understanding of configuration files and their precedence, with daily exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder inputs based on requirements.
- Creating dashboards with saved searches and inline searches, including various chart types and alert settings.
- Plan and build Splunk cluster environments with high-availability resources.
- Onboard new log sources with log analysis and parsing to enable SIEM correlation.